Kali Linux 2023.2 Release (Hyper-V & PipeWire)
https://www.kali.org/blog/kali-linux-2023-2-release/
https://www.kali.org/blog/kali-linux-2023-2-release/
Kali Linux
Kali Linux 2023.2 Release (Hyper-V & PipeWire) | Kali Linux Blog
Quick off the mark from previous 10 year anniversary, Kali Linux 2023.2 is now here. It is ready for immediate download or upgrading if you have an existing Kali Linux installation.
The changelog highlights over the last few weeks since March’s release of…
The changelog highlights over the last few weeks since March’s release of…
AceCryptor Technical analysis
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation
WeLiveSecurity
Shedding light on AceCryptor and its operation
ESET researchers reveal details about a prevalent cryptor that operates as a cryptor-as-a-service and is used by tens of malware families.
LightsOut - Generate an obfuscated DLL that will disable AMSI & ETW
https://github.com/icyguider/LightsOut
https://github.com/icyguider/LightsOut
GitHub
GitHub - icyguider/LightsOut: Generate an obfuscated DLL that will disable AMSI & ETW
Generate an obfuscated DLL that will disable AMSI & ETW - icyguider/LightsOut
❤1
Operation Triangulation: iOS devices targeted with previously unknown malware
https://securelist.com/operation-triangulation/109842/
https://securelist.com/operation-triangulation/109842/
Securelist
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices…
❤2
Bad Spin: Android Binder Privilege Escalation Exploit (CVE-2022-20421)
https://github.com/0xkol/badspin
https://github.com/0xkol/badspin
GitHub
GitHub - 0xkol/badspin: Bad Spin: Android Binder Privilege Escalation Exploit (CVE-2022-20421)
Bad Spin: Android Binder Privilege Escalation Exploit (CVE-2022-20421) - 0xkol/badspin
#OWASP Top 10
for Large Language Model Applications
https://hadess.io/owasp-top-10-for-large-language-model-applications
for Large Language Model Applications
https://hadess.io/owasp-top-10-for-large-language-model-applications
HADESS
OWASP In Cyber Security 2023 | Top 10 For LLM Applications - HADESS
In this article, we explored the concept of OWASP in cyber security. We have explained the reason for using it in 2023.
HackBrowserData - CLI tool for decrypting/exporting browser data (passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension) from the browser
https://github.com/moonD4rk/HackBrowserData
https://github.com/moonD4rk/HackBrowserData
GitHub
GitHub - moonD4rk/HackBrowserData: Extract and decrypt browser data, supporting multiple data types, runnable on various operating…
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux). - moonD4rk/HackBrowserData
❤1
Details of a critical TCP/IP RCE (CVE-2023-23416)
https://fieldeffect.com/blog/cve-analysis-red-october-one-ping-too-many
https://fieldeffect.com/blog/cve-analysis-red-october-one-ping-too-many
Fieldeffect
[CVE Analysis] Red October: One Ping Too Many
Erik Egsgard explains CVE-2023-21688, CVE-2023-23415, and CVE-2023-23416—three security vulnerabilities he discovered within the Windows operating system.
❤1
Bypassing Defender with ThreatCheck & Ghidra
https://offensivedefence.co.uk/posts/threatcheck-ghidra
https://offensivedefence.co.uk/posts/threatcheck-ghidra
offensivedefence.co.uk
Bypassing Defender with ThreatCheck & Ghidra
Intro It should come as no surprise when payloads generated in their default state get swallowed up by Defender, as Microsoft have both the means and motivation to proactively produce signatures for open and closed source/commericial tooling. One tactic to…
Fuzzing Android Native libraries with libFuzzer + QEMU
https://fuzzing.science/blog/Fuzzing-Android-Native-libraries-with-libFuzzer-Qemu
https://fuzzing.science/blog/Fuzzing-Android-Native-libraries-with-libFuzzer-Qemu
👍1
CVE-2023-34362:
MOVEIt Transfer RCE
Part1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure
Part 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two
MOVEIt Transfer RCE
Part1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure
Part 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two
👍1
Pentration Testing, Beginners To Expert!
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
GitHub
GitHub - xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes: A comprehensive guide for web application penetration…
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities. - xalgord/Massive-...
👍3
Writing Windows Kernel Drivers for Advanced Persistence
Part 1: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Part 2: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-2
Part 1: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Part 2: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-2
v3ded.github.io
Red Team Tactics: Writing Windows Kernel Drivers for Advanced Persistence (Part 1)
Introduction This post, as indicated by the title, will cover the topic of writing Windows kernel drivers for advanced persistence. Because the subject matte...